We have an application for which we need to ensure that our APPLICATION DATA cannot be used (or opened) on different computers by the same users. For that we thought about using the hard disk GUID as part of the data encryption private key. In this case RAID disks and virtual PCs would fail and wouldn't be able to open the data. We need some advice about how to get a proper ID to restrict by user-per-computer but not user-per-hard-disk.

Note: Both Mac and Windows supported

Edit: This is about the application data, not the application itself. Sorry for asking it wrongly.


Can we ask what the application is? Why is it restricted to one computer (and usable by one person) and not one user?
– Clockwork-Muse, Dec 27 '12 at 17:01

Note also that, even when you can get them, HDD IDs are not unique - e.g. in a previous job we discovered that all Dells of a certain model had the same HDD ID, presumably due to ghosted drive images.
– HappyCat, Dec 27 '12 at 17:33

You could aggregate a list of device info, kind of like browser fingerprinting, and use a validation threshold in case any components change (just postulating).
– jtzero, Dec 27 '12 at 19:33

So, the encrypted data is lost as soon as the HD fails, even if there is a backup.
– mouviciel, Jan 10 '13 at 14:04
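The aggregate-and-threshold idea from jtzero's comment, written out as an added example (not code from this thread). The component names, sample values and the 3-of-5 threshold are constructed assumptions; the result is a yes/no match, not an encryption key.

```python
import hashlib
import hmac
import os

def _digest(salt, name, value):
    # Keyed hash of a normalised identifier, so raw serials/MACs are not stored.
    norm = value.strip().lower().encode()
    return hmac.new(salt, name.encode() + b"\0" + norm, hashlib.sha256).hexdigest()

def enroll(components, salt=None):
    """components maps a name to a list of values (a machine can have several MACs)."""
    salt = salt or os.urandom(16)
    hashes = {n: {_digest(salt, n, v) for v in vals} for n, vals in components.items()}
    return {"salt": salt, "hashes": hashes}

def match_count(record, current):
    """Number of enrolled components for which any current value matches."""
    count = 0
    for name, enrolled in record["hashes"].items():
        seen = {_digest(record["salt"], name, v) for v in current.get(name, [])}
        if enrolled & seen:
            count += 1
    return count

def same_machine(record, current, min_matches=3):
    # Hypothetical threshold: tolerate up to two changed components out of five.
    return match_count(record, current) >= min_matches

# Constructed sample data (not real identifiers).
ENROLLED = {
    "mac": ["00:11:22:33:44:55", "66:77:88:99:AA:BB"],  # wired + wireless
    "disk_id": ["DISK-CONSTRUCTED-0001"],
    "board_serial": ["MB-CONSTRUCTED-42"],
    "cpu_model": ["Example CPU 3.0GHz"],
    "os_install_id": ["install-constructed-1"],
}
# Same laptop seen with only the wireless adapter active.
WIRELESS_ONLY = dict(ENROLLED, mac=["66:77:88:99:aa:bb"])
# Same machine after a disk replacement and OS reinstall.
DISK_SWAPPED = dict(ENROLLED, disk_id=["DISK-CONSTRUCTED-0002"],
                    os_install_id=["install-constructed-2"])
# Different machine of the same model, imaged from the same ghosted drive.
CLONED_SIBLING = dict(ENROLLED, mac=["02:00:00:00:00:01"],
                      board_serial=["MB-CONSTRUCTED-43"],
                      os_install_id=["install-constructed-3"])
RECORD = enroll(ENROLLED)

if __name__ == "__main__":
    for label, cur in [("wireless", WIRELESS_ONLY), ("disk swap", DISK_SWAPPED),
                       ("cloned sibling", CLONED_SIBLING)]:
        print(label, match_count(RECORD, cur), same_machine(RECORD, cur))
```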

2 Answers
2

Maybe the MAC address of the network adapter might be a proper solution for you. But even this cannot assure you a 100% unique ID because the adapter can be built into another PC. But no matter what you do without a service based application you cannot 100% control who is allowe

Agreed (+1), I would probably go with MAC address too, but in addition to spoofing there is the issue of machines with multiple network adapters, so even if someone isn't maliciously trying to impersonate a known user, you still have the issue of a user unwittingly trying to connect from multiple MAC addresses at different times. As you say though, can't be 100% sure no matter what.
– Joel Brown, Dec 27 '12 at 13:36

Yes, be careful of multiple MAC addresses per computer - I've fallen foul of this with my work laptop, where I usually use a wired connection, but sometimes disconnect and go wireless - same computer, two perfectly legitimate MAC addresses.
– HappyCat, Dec 27 '12 at 17:30

You can't, and it's a terrible idea anyway. People use multiple computers, and even on their primary computer, they generally change their computer hardware more frequently than their software. Back when I used software like yours, I would disable that protection so I could properly use the software I paid for. Now, I don't even bother, and just buy from your less draconian competitors instead.

People can set their own MAC addresses, so that's not really a solution. Also, routers change the MAC address on packets, so a central server has no access to it.

If you really want to restrict by hardware, the only real way to do it is to supply your own dongle that must be attached to the computer. Yes, you can move the dongle, but you're still restricting use to a physical piece of hardware, so you can't just email someone a license key. You almost never see these because they're annoying for both users and distributors.

The most common form of user restriction nowadays is probably the license server. The software contacts a server to obtain a license, and must release the license before it can be used again somewhere else. This lets a user use software on multiple computers, but only one at a time, which really should be your goal here. It's still a little annoying for users, but acceptable if the software is high quality.

Thank you Karl, but I think I misasked the question. We have valuable data in our application. We need to protect the data encrypted in a machine so it couldn't be opened in another computer. That is, we need a private key for our data encryption.
– paskalnikov, Jan 10 '13 at 13:59

1

I don't understand. If the computer hardware dies, how do they get to their valuable data?
– Karl Bielefeldt, Jan 10 '13 at 14:17